Just about everyone that uses a computer uses compressed zip files in day-to-day use. However, zipped files are not known for their security,
other than sometimes requiring a password for access files stored within a zip file.
For the last few years, the software of choice for zipping up files has been winzip. And for good reason, it is simple to use and for the most
part if you can put up with some nagging splash screens, it is free.
But before them, it was PKWare that blazed the compressed file trail. It is now trying to storm back into desktop arena with its SecureZip software. While most compression programs allow users to specify a password to restrict access to zipped files, SecureZip integrates with existing PKIs to make them more attractive to security professional.
There are also a raft of administrative features designed with the enterprise in mind.
Installing it was easy nothing and there were no surprises there. The main console is simple to understand and looked a lot like some other
zip application. Adding files to be zipped was easy to do. The application makes encrypted new and existing files very easy. An icon on the main window brings up the encryption options. This is where you con not only specify passwords to access the file but also assign digital certificates.
In the menu bar there are options where methods of encryption can be chosen, which range from 128-bit AES to 256-bit AES and 168-bit 3DES.
This encryption capability is base on RSA Security's BSAFE software.
The software also integrates with email products such as Lotus Notes and Outlook allowing mail users to secure files direct from the client by simply clicking on the attach files icons within the clients.
Something that will appeal to the enterprise administrator is the ability to set and enforce security policies related to storage and transfer of information. It also integrates with LDAP-compatible PKI directories, allowing users to send and receive certificate-encrypted files to other users within their trusted community.
These signatures can be viewed and verified from the interface, they can also be remove and new ones attached from the file properties dialogue.
Again the application gives a great deal of information about the status of signatures attached to the file, whether they are trusted, expired,
revoked or not.
This is a worthwhile product and is reasonable easy to use. It will suit enterprises that use digital certificates and works alongside security policies very well. There were a few minor problems with the interface that if fixed would make the it more intuitive to use.